Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-24T01:52:33
Updated: 2024-08-04T22:10:08.403Z
Reserved: 2019-03-23T00:00:00
Link: CVE-2019-9970
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-24T02:29:00.670
Modified: 2024-11-21T04:52:42.287
Link: CVE-2019-9970
Redhat
No data.